Slashdot Mirror


Test of 16 Anti-Virus Products Says None Rates "Very Good"

An anonymous reader writes "AV-Comparative recently released the results of a malware removal test in which they evaluated 16 anti-virus software solutions. The test focused only on the malware removal/cleaning capabilities, therefore all the samples used were ones that the tested anti-virus products were able to detect. The main question was if the products were able to successfully remove malware from an already infected/compromised system. None of the products performed at a level of 'very good' in malware removal or removal of leftovers, based on those 10 samples."

37 of 344 comments

  1. Security... by xanadu113 · · Score: 5, Insightful

    Security is a process, not a product.

    --
    -Myke
    1. Re:Security... by sopssa · · Score: 2, Insightful

      Since you seem so confident and intelligent, how do you plan to teach that to a "normal person"?

      And on real slashdot style, a car analogy; we don't care how the taxi works or how it's supposed to secure us, we just want to get around conveniently. Without getting killed. Now the taxi driver might care more about his systems and how the inners of car work, but we just couldn't care less. It's the same thing when casual people use computers, and you're pretty ignorant if you don't understand why it is so or why they "just want it to work" so they can do whatever they want to. Like with every other hobby or thing, only those interested in computers and security are, others are not.

    2. Re:Security... by davester666 · · Score: 5, Insightful

      It's like a piece of wood, a tape measure and a saw. If the person doesn't use the tape measure properly, and saws the wood too short, there isn't any magic that can fix the problem. Even buying a new piece of wood and a new fancy tape measure will still have the same problem if the user can't be bothered to learn how it works.

      And a computer is only slightly more complicated than a tape measure...

      --
      Sleep your way to a whiter smile...date a dentist!
    3. Re:Security... by Anonymous Coward · · Score: 1, Insightful

      I suspect it's because ClamAV doesn't have "malware removal/cleaning capabilities", which is what they were testing apparently.

    4. Re:Security... by engun · · Score: 2, Insightful

      Exactly. This is why I don't use any AV product at all. As long as you're reasonably careful not to download and install unknown programs, there's no way to justify incurring a huge performance hit on a daily basis. For example, I once "fixed" a friend's PC in which she had installed two AV programs - Avira and McAfee - for additional protection and security as I heard. File copying had dropped to something like 150Kb/sec between two hard drives because both anti-viruses were scanning it. Disabling one increased the speed to about 1.5Mb/Sec. Disabling both improved it to about 6Mb/Sec (figures according to rough recollection, to be taken with a pinch of salt). I eventually left one on since she wasn't an experienced user and needed some anti-virus program, "just-in-case".

      But experiences like these over the years have convinced me that the wisdom about adjusting your process is far more valid than having an army of products. I haven't had a single virus infection for as long as I can recall and if I did, that was because I'd been careless and run some program off the net without finding out what it was. Also, I don't think AV programs offer any meaningful protection against things like browser flaws. If someone decides to exploit say a buffer overflow vulnerability in your browser and you simultaneously decide to browse to that very site which does so, well, so sad, too bad. Might as well wait for the browser vendor to release a patch which fixes that flaw and use a more secure browser like Chrome to browse dodgy sites, rather than pray an ineffective AV magically detects it with its "heuristics". Most often, all that DLL injection and the like result in an unstable browser, rather than providing any real protection.

      Having said all that, I do see the utility in being able to do an occasional on-demand scan on an executable. I also see why AV vendors are going for the nanny philosophy to deal with the armies of inexperienced users who have no idea about the "process" behind security. But for those with a reasonable idea of it, it's probably better to suffer the rare virus infection than endure a crawling system on a daily basis thanks to some overzealous AV product.

    5. Re:Security... by Kratisto · · Score: 5, Insightful

      No, see, it's like a computer and a user and antivirus software. The user expects the antivirus software to either protect him from getting a virus to begin with, or to remove it swiftly if it fails. Unfortunately, the antivirus software isn't very good in the latter situation, and because the user is an idiot, no antivirus software can help him in the first situation.

      --
      Conscience is the inner voice which warns us that someone may be looking.
    6. Re:Security... by Darkness404 · · Score: 3, Insightful

      Which is fine until that one virus manages to get through by accident. I ran my machine AV-free for a long time until that happened, and the cleanup was unpleasant - the preventive features of AV software are far superior to their cleanup ones. :S

      Yes, but think about it this way. Let's say your computer runs at half its speed with an anti-virus. You run your machine for 365 days without an AV for 30 mins doing routine work that would be slowed down by the AV (file copying, plus additional maintenance for the AV itself, etc) so it would take an hour. That is 182.5 hours per year you use it for maintenance without an AV. With an AV that doubles to 365 hours. Even if you add in an entirely long clean up process of 48 hours, you still come out ahead. And unless you get a nasty virus that somehow corrupts everything you can just restore from backup (you do have a backup of everything important right?) and if you don't have a backup you can usually boot from a Linux disk (most can read NTFS just fine) and copy things to an external HDD. So unless that machine was really mission critical (such as, if it's down for 2 days you are out of lots of money) not having an AV and having a long clean up may actually save you time.

      --
      Taxation is legalized theft, no more, no less.
    7. Re:Security... by Afforess · · Score: 2, Insightful

      I find it interesting though that Microsoft Security Essentials was one of the top three AV tested, with two "good" ratings. It also happens to be free. Maybe Microsoft is learning lessons from the past?

      --
      If our elected representatives no longer represent us, do we still live in a Democracy?
    8. Re:Security... by Leekle2ManE · · Score: 4, Insightful

      I've been reading slashdot for a while and I've avoided commenting because... I'm not a nerd. I'm a geek. Which my friend always finds annoying because 'back in his day' nerd and geek were the same thing.

      I've been into computers for over 10 years now and while I know far more than the average user, I don't know enough to hold a flame to many nerdier folk.

      However. I've dealt with enough real life cases in computer security/maint to know that the average user doesn't care about a process. They don't want to hear about it being a process. They view the computer as a glorified telephone/television combo. They just want to be able to power up, do what they want and log out. The average user these days isn't going to spend time to learn about how to properly protect themselves online because they have other things to do.

      To expand on a car analogy someone else used...
      Likening computer security to a car would mean comparing it to car security. While some people might take their cars to a car audio shop to get a security system installed, most will just buy their car from the dealer and just want to push the button and have their car secured. Even if they won't always push the button. Unless they're in an 'unsafe' neighborhood.

      What the average user doesn't understand is that every time they get online they're in an unsafe neighborhood. They don't know it and they're not going to do the research to find out. They're not reading /. They don't see comments about Security being a process and not a product. They just want to start up the computer and feel safe that their security system is working. They're not going to search online to find the best anti-virus product(s) available. They're not going to look for reviews of 16 anti-virus programs reviewed. They quite simply don't care and don't feel that they should have to care.

      What good is firewall software if the user has no clue whether to allow a process access to the internet or not, but since it just popped up while they were installing something new, they allow it anyways? The firewall/software does nothing for them.

      And before someone brings up the Linux solution. I love Linux. I use it. It is NOT user friendly though. With all the different flavors around, the *cough* average user would just rub their temples in frustration and stick with Macrohard products. And if they did pick a Linux distro, they would have to pray that all the components in their computer are compatible. I've installed linux on multiple systems (which previously ran some variation of winblows) and every system has had at least one piece of hardware that didn't have a driver available.

      So, to make a long story short (TOO LATE) computer security for the average person will never happen. The only way to make computers secure for the average user is to make the internet secure. The only way to make the internet secure is to allow your local ISP to start white-listing/black-listing sites, thus dictating where you can and can not go. And that's never going to happen. Or at least, we hope it doesn't.

    9. Re:Security... by similar_name · · Score: 2, Insightful
      People still have to learn how to drive. It doesn't just work. I can go into oncoming traffic and head end a semi. Cars don't 'just work'. The best security product is never going to keep someone from running something stupid.

      they "just want it to work"

      My mom used to say 'Want in one hand and shit in the other and see which one fills up faster.'

    10. Re:Security... by mysidia · · Score: 2, Insightful

      Yes, but malware is a product.

      AV/Anti-malware software should be a product that can expunge/protect against one type of security threat: rogue/malicious software.

      Nothing beyond the product should be required for expunging malware. If you are updating and the software maker is doing their job, that security threat is permanently dispensed with, and you can move on to other threat categories, if they ever become important to you.

      If not, you are secure, and done.

      Security is a process, not a product, refers to security in general, which is a lot harder than security against specific types of threats.

      Anti-malware won't stop an insider from offloading sensitive customer records to their USB stick and selling them off to some ID thief living in India.

      Well, you use another security tool for that: group policy. Configure all workstations so that removable media is allowed, and you no longer need to worry about USB sticks.

      Group policy won't protect against a hacker guessing your admin password, FTP'ing into your server, and pulling the files.

      There's a product for that too: A firewall. Which you install, and configure properly. Voila: hacker FTP'ing in is no longer a threat.

      Security is not just a process, but a bunch of products and proper configuration of those products.

      Probably one of the most important products is proper training and education of your staff, and proper configuration and choice of what issues to educate them about, and how you configure your organization's HUMAN security policies, for example, how you prevent random untrusted outsiders from pretending to be "maintenance" and gaining unescorted/unapproved access to your server room, from an employee @ front desk who knows where the key is.

    11. Re:Security... by slarrg · · Score: 3, Insightful

      Even when people learn to drive, accidents still happen. That's why technology is developed to reduce the negative outcomes of those accidents (crumple zones, seat belts, airbags) or attempt to diminish the likelihood of an accident occurring in the first place (brake lights, mirrors, reflective road signs.) This is the same reason anti-virus software is developed and it's certainly appropriate to debate the effectiveness of these methods.

    12. Re:Security... by davester666 · · Score: 2, Insightful

      Except this is dealing with AFTER the system has been infected. From TFA, it seems as if virus checking was disabled, the system intentionally infected with various viruses, then virus removal was run. The AV software would have a reasonable chance of being able to revert your system to a pre-virus state IF it's running while the virus is being installed (which in itself shouldn't happen, but it should stop it before it's installed), but to say it should remove all trace of any given variant of any virus is ridiculous. Particularly system settings, as there are lots of changes that are completely valid for both virus and non-virus applications, that would potentially screw up 'real' applications and/or annoy the end user because they intentionally changed it, but the AV software "knew" better.

      Now, marketing for AV software may make dubious claims about virus removal (but offhand, surfing the Norton site didn't say much about virus removal, it was mostly focused on virus protection)...

      This seems kind of like a "we'll tie one arm behind your back and then see how well you can wrestle" test...

      --
      Sleep your way to a whiter smile...date a dentist!
    13. Re:Security... by slarrg · · Score: 2, Insightful

      The primary problem that anti-virus software tries to protect against malicious activities of other people and not the actual computer user. The level of security to truly harden a networked computer from attack is incredibly high. Even the most sophisticated of us cannot guarantee 100% security of a networked system. Certainly my systems and your systems will have high levels of security but even we cannot guarantee 100% security of our own systems. Luckily, if you're in the top 50% of secure systems and you don't have military grade secrets, you're probably secure enough. Of course, that still leaves a lot of systems that are less than adequately secured. And, their users may be unlikely to become educated in the safe use of those machines.

      This is not to say that we shouldn't try to educate them but we would certainly be lax if we didn't attempt to improve their security by installing systems that automatically improve the security of their systems. We do this in the real world, too. When you buy a car, it comes standard with a lock and key system to give a small amount of security. Many people in the industry can bypass those safeguards and steal your car. But still we don't keep someone from flattening your tires, cutting your battery leads or draining all your brake fluid. Most of these things could be done to a car that is locked and with the security system armed. Luckily, it's a rare enough event that we don't feel insecure as a result.

      Likewise, our houses have locks on the doors. Many can still be breached through a window. Some have bars to prevent that. But many of those only stop a person from entering with a thin layer of siding, some fiberglass insulation, and a sheet of drywall; all of which could be breached in under a minute. So we develop automated warning systems that can quickly alert the homeowner (and paid security specialists) of a breach. Still they're not foolproof but we accept them as adequate.

      This is the equivalent of anti-virus software. Certainly we should attempt to educate people but we should also create systems that alert and notify people when their security has been breached. Likewise, we should have methods to help them remove invaders from their computer. In the real world, we have police to come in and remove criminals occupying a space illegally and it is appropriate to have software and services to do the same in a computer. The police should do the job of removing intruders regardless of whether the person forgot to lock their front door or didn't install a security system.

      I guess I'm just a little mystified as to why people always feel a need to start harping on the stupidity of the victims every time an article is written that evaluates the safeguards designed to enhance security. Education is important and certainly needs to be an ongoing effort on all security issues but in the end no one is ever completely secure and other improvements that are willingly used by people to enhance their security should certainly be evaluated for effectiveness and reported on accordingly.

    14. Re:Security... by shutdown+-p+now · · Score: 2, Insightful

      How does having the source code for the OS help you in detecting viruses - written by someone else - located inside binaries belonging to software - also typically written by someone else?

      PE format (Win32 .exe/.dll) spec is open, by the way.

    15. Re:Security... by Alpha830RulZ · · Score: 2, Insightful

      Except that the user isn't interested in the wood, tape measure, or saw, he wants a table, and thought he bought one, thank you very much. Why does he have to know how the tape is made to put his plate on it?

      Computers are somewhat unique in the level of awareness that a user has to have in order to use one safely. Unfortunately, for a lot of users, the difference between computers and magic is not apparent to them.

      --
      I was taught to respect my elders. The trouble is, it's getting harder and harder to find some.
    16. Re:Security... by gmagill · · Score: 2, Insightful

      Are you counting the time & troubles created by having a trojan-injected keylogger collecting all your bank and assorted other login passwords?

    17. Re:Security... by Blakey+Rat · · Score: 2, Insightful

      To think that anybody on this community knows anything about the average user is ridiculous.

    18. Re:Security... by Anonymous Coward · · Score: 1, Insightful

      what kind of bonehead measures things like this in 'clean up' time? your data has been compromised. your passwords should be changed. your ssn or credit card numbers might have been made available to others...

      you should do a complete format and reinstall all of your applications (i hope you have backups of your data). you should also hope there isn't a nasty surprise now hiding in your bios.

      there are a tremendous number of reasons to care about securing your systems and relative clean up time is NOT one of them.

    19. Re:Security... by Anonymous Coward · · Score: 1, Insightful

      Until you find you have a trojan and all your assets (credit cards, banking info, ebay/paypal accounts) have been compromised. Have fun cleaning up that credit!

  2. Browsing safely by Utopia+Tree · · Score: 5, Insightful

    I don't think anyone sells common sense.

    1. Re:Browsing safely by Tumbleweed · · Score: 5, Insightful

      I don't think anyone sells common sense.

      It wouldn't matter if they did; no one would buy it as everyone thinks they already have it.

  3. On *NIX it is standard policy to format and by LukeCrawford · · Score: 2, Insightful

    restore from a known good backup whenever the root account is compromised, be it compromised by a worm or a human, in part because it's impossible to tell the difference between a human pretending to be a worm and a worm, so it is quite difficult (perhaps impossible) to know what the attacker did, and how to undo the damage.

  4. if merely loading a website compromises my by LukeCrawford · · Score: 2, Insightful

    computer, my browser is completely broken.

  5. They tested Anti-virus software for malware by Jazz-Masta · · Score: 5, Insightful

    How about testing some malware removal programs? Malwarebytes, Adaware, Spybot?

    I find Malwarebyte's Anti-malware to work wonders. Paired with Avast home edition, it is a good free combination. I think most system administrators notice the difference between software primarily tailored for virus detection and removal, and ones tailored for malware detection and removal.

    They tested these:

    Avast Professional Edition 4.8
    AVG Anti-Virus 8.5
    AVIRA AntiVir Premium 9.0
    BitDefender Anti-Virus 2010
    eScan Anti-Virus 10.0
    ESET NOD32 Antivirus 4.0
    F-Secure AntiVirus 2010
    G DATA AntiVirus 2010
    Kaspersky Anti-Virus 2010
    Kingsoft AntiVirus 9
    McAfee VirusScan Plus 2009
    Microsoft Security Essentials 1.0
    Norman Antivirus & Anti-Spyware 7.10
    Sophos Anti-Virus 7.6
    Symantec Norton Anti-Virus 2010
    Trustport Antivirus 2009

    1. Re:They tested Anti-virus software for malware by dbIII · · Score: 2, Insightful

      I think most system administrators notice the difference between software primarily tailored for virus detection and removal, and ones tailored for malware detection and removal.

      I think all system administrators performing the job they are paid to do don't muck about with such things - guessing where the system has been compromised and what is in some hidden corner. Instead they wipe it and rebuild or restore from backups. Of course outside the job we are confronted by people that do not have backups or even install media (every raving MS windows fanboy I've met did not actually pay for the software), so then you have to muck about with "cleaning" things and hope you've got the lot.
      They are called 0wned for a reason, it's not your computer anymore you are better off wiping it and starting again.

  6. Stop with the recommendations by HermMunster · · Score: 4, Insightful

    Stop recommending products. The tests demonstrate that av products don't perform well. It is right on. 80% of my day is spent cleaning malware. I have written here many times about how you need a combination of products. I've also emphasized the need to do the initial cleaning with the infected drive as the secondary in a second machine.

    Until you do this day in and day out please stop with the recommendations, as you are not helping anyone one bit.

    --
    You can lead a man with reason but you can't make him think.
  7. Re:I Just switched to an interesting product .... by curmi · · Score: 2, Insightful

    He was hardly an "ass", though maybe a troll. Certainly an entertaining post, but your response to it was wrong.

    1) There are NO viruses for the Mac. There are trojans though, like any OS.

    2) The Mac has long had the marketshare for viruses - pre-OS X there were plenty of Mac viruses. There have been none for OS X because it is more difficult to write them with the way the new OS is designed. Writing one for OS X is like a holy grail for virus writers.

    3) Who is the "ass" calling OS X a "precious yuppie OS"?

  8. Expected Linux fanboy response. by Hurricane78 · · Score: 2, Insightful

    *whispers*
    "Shall I?"
    (whisperwhisper)
    "Why me??"
    (whisperwhisper)
    "Ok, damnit! I'll do it! But you owe me one!"

    *steps forward into the spotlight*

    *loud*
    "Well, I found a better combination:"
    *louder*
    "JUST INSTALL GNU/LINUX!"

    *normal voice*
    "Thank you, thank you! I will be here..." *dodges flying chair and Granny Smith with bite mark* "... all night!"

    (P.S.: I use Linux as my main Desktop. And Windows for the games. No hard feelings here. :)

    --
    Any sufficiently advanced intelligence is indistinguishable from stupidity.
  9. Re:No Joke by dangitman · · Score: 4, Insightful

    Most of the infections I deal with on a regular basis are coming from AD BANNERS. I have literally had people get a brand new machine, sit down at it, open IE8 and browse to one of the major sports news sites (ESPN, TSN, MLB, NFL, etc.) and get IMMEDIATELY infected by a banner ad!

    Hmmm... could a law suit (class-action or otherwise) be an idea here? After all, isn't it illegal to infect someone's computer with malware? How is it that these major websites are getting away with it?

    --
    ... and then they built the supercollider.
  10. Wipe It by Talisman · · Score: 4, Insightful

    Imaging products have become so good and fast that I no longer bother with 'scrubbing' a computer clean when it gets a virus. I can reimage the machine in less time; 15 minutes from start to finish, and I don't have to worry about viral remnants in the registry or some deeply buried hidden folder with a time bomb inside.

    I keep our company's image file up-to-date, and when something goes wrong with a computer (drive crash, corrupt registry, malware, whatever) they are back online in 15 minutes. Screw scouring the web for a utility to remove a particular virus that may or may not work, and screw relying on an all-in-one product to save you from malware.

    I have come to terms with the absolute fact that users are stupid and careless and aside from the rare individual who bothers to be responsible, they will always be stupid and careless, no matter how much I wish they would change.

    In a business environment, imaging is the way to go.

    (I use a Mac at home and don't have to worry about such things)

    --

    "Study your math, kids. Key to the universe." -The Archangel Gabriel
    1. Re:Wipe It by Turzyx · · Score: 3, Insightful

      I use a Mac at home and don't have to worry about such things

      http://it.slashdot.org/article.pl?sid=09/04/16/2327246 I was with you up until the very end. Why ruin a perfectly good comment with overconfidence and arrogance?

  11. Common sense was left out of the program by dbIII · · Score: 3, Insightful

    If you had more than a passing familiarity with Microsoft's products and the elaborate pile of stuff on top that makes it even more insecure you would be aware that you need more than that. Large numbers of viruses and worms have spread with no user interaction at all, and others that required intervention have spread via things that appear to be quite innocent to the user (banner advertisement on Australia's Telstra white pages telephone number search page one day for instance). Then of course there is downloading that program that the user assumes is only going to give them an animated purple monkey, a weather report or little images of smiles to decorate their emails. They don't know that the system has no way of protecting them from such things being other than what they appear to be.
    Don't fall for the copout of accusing the users of being idiots. Instead it's a long chain of events with stupidity at many steps on the part of some developers which gave us a house of cards which the user can upset so easily.
    We can't just say "haha, user is an idiot" when we in the computer software industry can look in the mirror to see part of the real idiocy. Every time I make a user "admin" or "power user" so that they can run badly written software I add to the idiocy and create another potential node for a botnet or another chance at credit card fraud.
    At one site I do work for EVERY user has to be "admin" so they can run an internally developed dotnet application that writes its config file to the root of the system drive simply because that's where the developer wanted to put it. The developer has a string of certifications and years of experience but still carries on with such overtly STUPID actions, not because he is stupid but because a very large chunk of the industry is stupid and stupidity is standard operating procedure. Most of the new security options in Microsoft's products are rendered pointless when the applications on top come from such a culture of stupidity.

  12. Whack a mole, just like... by brit74 · · Score: 1, Insightful

    We've been fighting computer viruses for decades now. And we haven't made any headway. It just seems to get worse. Isn't it time that we all just give up and allow viruses to infect our computers? Let's stop fighting it. Let's stop playing 'whack a mole'. No? You don't think so? Sorry, I just had to say that to parody all of the 'you can't stop piracy, you should just permit it' arguments.

  13. Re:No Joke by Antony-Kyre · · Score: 2, Insightful

    That is why we have to love how Google does their ads. Graphical ads just don't feel safe. But, maybe I'm paranoid. Maybe it's the flash ads that are the real offenders.

    So, either banner blocking software, or perhaps freeze software, so if someone is infected, a reboot brings it back to status quo.

  14. Re:I use Microsoft anti-virus and love it by Anonymous Coward · · Score: 2, Insightful

    BuY H3rB@l V1agaRa t0Day!!!

    I know you are going for funny with a shot at Microsoft (will that work around here I wonder? :), but you did notice that Microsoft Security Essentials was one of the best in the test? ;->

  15. Re:I use Microsoft anti-virus and love it by baptiste · · Score: 4, Insightful

    BuY H3rB@l V1agaRa t0Day!!!

    I know you are going for funny with a shot at Microsoft (will that work around here I wonder? :), but you did notice that Microsoft Security Essentials was one of the best in the test? ;->

    No kidding. I am not an MS fanboi by any stretch, but when they released Security Essentials, I gave it a whirl and have now swapped out AVG for it on everything I run AND recommend it to many of my clients (who usually are complaining about how slow their computer is since they installed NORTON 360 or they have a paid AV that expired years ago) It's lightweight, easy to use, has a very easy to understand user interface that isn't so graphical (*cough* N360), and it just works. Nice to see it garner some of the higher ratings in this test.

    What amazes me is how much like Malware Norton, McAfee, and CA can be. Uninstalling them doesn't remove them completely. You HAVE to use their removal tool. I had to remove CA ISS the other day and it was painful. Had to remove it in pieces AND run a fix on the registry permissions which had been completely locked down to the point that 'Administrator' couldn't add/remove programs. So yeah - any time systems come into my shop, I recommend they drop whatever paid AV they're using and run MSE. No nag screens like AVG and it doesn't talk to you like Avast :) My only fear is that in a year they'll let it stagnate OR try to bloat it like the others. But if they keep it simple and go for the majority of infection vectors, hats off to them. Still won't make me use IE, but it's nice to see something like this come out of Redmond, even if they bought part of it.